1339 matches found
CVE-2015-9445
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegalleryajaxaction operation...
CVE-2015-9446
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via datagalleryID to wp-admin/admin-ajax.php...
SQL injection
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via datagalleryID to wp-admin/admin-ajax.php...
CVE-2015-9438
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dwshowwidget idbase, widgetnumber, or instance parameter...
Design/Logic Flaw
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dwshowwidget idbase, widgetnumber, or instance parameter...
CVE-2015-9423
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload PlugneditBGColor, PlugneditEditorMargin, plugneditwidth, pnemedcount, or plugneditcontent parameters...
CVE-2015-9422
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload plugneditwidth, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters...
Code injection
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload PlugneditBGColor, PlugneditEditorMargin, plugneditwidth, pnemedcount, or plugneditcontent parameters...
Design/Logic Flaw
The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=getsoundcloudplayer id parameter...
CVE-2015-9421
The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omscpopup id parameter...
CVE-2015-9394
The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=packageaddnew to wp-admin/admin-ajax.php...
CVE-2015-9394
The CVE concerns the WordPress plugin Users Ultra Membership (plugin) before 1.5.63. A CSRF vulnerability exists via action=package_add_new to wp-admin/admin-ajax.php, enabling an attacker to perform actions on behalf of authenticated users. Exploitation details are not provided beyond the CSRF d...
CVE-2016-10958
The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via esmediaimages to wp-admin/admin-ajax.php...
CVE-2016-10959
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload exploitable with CSRF via esmediaimages to wp-admin/admin-ajax.php...
Cross-site request forgery (CSRF)
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload exploitable with CSRF via esmediaimages to wp-admin/admin-ajax.php...
Code injection
The newspaper theme before 6.7.2 for WordPress has script injection via tdadsheader to admin-ajax.php...
WordPress SlickQuiz 1.3.7.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================= Product: SlickQuiz Vendor URL: https://wordpress.org/plugins/slickquiz/ Type: Cross-Site Scripting CWE-79 Date found: 2019-05-30 Date published: 2019-09-10 CVSSv3 Score: 6.1...